Tags computer security , intel

Old 2nd January 2018, 09:11 PM   #1
William Parcher
Show me the monkey!
 
Join Date: Jul 2005
Posts: 20,283
Intel CPUs have design and security flaw

'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Other OSes will need an update, performance hits loom


Originally Posted by The Register
A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.

Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or go buy a new processor without the design blunder...

https://www.theregister.co.uk/2018/0...pu_design_flaw
__________________
Bigfoot believers and Bigfoot skeptics are both plumb crazy. Each spends more than one minute per year thinking about Bigfoot.
Old 2nd January 2018, 10:33 PM   #2
Octavo
Illuminator
 
Join Date: Jun 2007
Location: South Africa
Posts: 3,485
Originally Posted by William Parcher View Post
'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Other OSes will need an update, performance hits loom





https://www.theregister.co.uk/2018/0...pu_design_flaw
If you own shares in Intel... SELL SELL SELL
__________________
This signature is intended to imitate people.
Old 2nd January 2018, 11:57 PM   #3
Fizil
Muse
 
Join Date: Sep 2012
Posts: 645
Originally Posted by Octavo View Post
If you own shares in Intel... SELL SELL SELL
That isn't even a joke, this is very serious, and ultimately unresolvable (the hardware microcode cannot be patched). This may not seriously affect gamers playing GPU-bound games, but as a business software developer, working with many CPU-bound processes, I am dreading seeing what the Windows patch does to our software performance.

I'll wait to see the benchmarks of others and my own, but this could significantly hurt Intel's business. It won't be clueless home PC owners that get pissed off, but businesses like mine.
Old 3rd January 2018, 03:44 AM   #4
rjh01
Gentleman of leisure
Tagger
 
Join Date: May 2005
Location: Flying around in the sky
Posts: 23,743
If you want to know how big an impact this has on CPUs there is an easy way to tell.
1. Wait until it is implemented
2. Look here https://folding.extremeoverclocking....s=&a=1&t=13232
3. Certain people fold using only their CPU. Compare these people's points before and after they put in the update.
Old 3rd January 2018, 04:14 AM   #5
Dabop
Muse
 
Join Date: May 2015
Location: Oz
Posts: 697
Looks at old Dell M6300 running XP 32-bit SP3...
Can't see the problem myself....


;-)
__________________
It's a kind of a strawman thing in that it's exactly a strawman thing. Loss Leader

'When you're born into this world, you're given a ticket to the freak show. If you're born in America you get a front row seat.' George Carlin
Old 3rd January 2018, 04:28 AM   #6
smartcooky
Philosopher
 
Join Date: Oct 2012
Location: Nelson, New Zealand
Posts: 8,477
Reading on, this sounds like a joke to me

"The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka ****WIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers."
__________________
► 9/11 was a terrorist attack by Islamic extremists; 12 Apollo astronauts really did walk on the Moon; JFK was assassinated by Lee Harvey Oswald, who acted alone.
► Never underestimate the power of the Internet to lend unwarranted credibility to the colossally misinformed. - Jay Utah
► Heisenberg's Law - The weirdness of the Universe is inversely proportional to the scale at which you observe it, or not.
Old 3rd January 2018, 05:48 AM   #7
Fizil
Muse
 
Join Date: Sep 2012
Posts: 645
Originally Posted by smartcooky View Post
Reading on, this sounds like a joke to me

"The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka ****WIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers."
Linux developers aren't always the most professional. The issue isn't a joke, the kernel developers simply made a joke acronym.

edit:
Here are some initial benchmarks of the Linux kernel changes: https://www.phoronix.com/scan.php?pa...5-x86pti&num=2

On the one hand, I was clearly wrong about there being much of an impact on CPU-bound processes, which is good. On the other hand, there is clearly a large impact on I/O- and memory-bound processes. Now that I understand the underlying issue better, this makes sense. It is system calls to the kernel that will take longer after these patches, so basically any process that makes lots of system calls will experience the worst performance degradation.

Last edited by Fizil; 3rd January 2018 at 06:54 AM.
Old 3rd January 2018, 07:43 AM   #8
Skeptical Greg
Agave Wine Connoisseur
 
Join Date: Jul 2002
Location: Just past ' Resume Speed ' .
Posts: 15,080
Interesting that this has been around for 10 years, and is just now making the news.

Quote:
It is understood the bug is present in modern Intel processors produced in the past decade.
__________________
" What if the Hokey Pokey is what it's all about? "

Prove your computer is not a wimp ! Join Team 13232 !
Old 3rd January 2018, 09:04 AM   #9
Fizil
Muse
 
Join Date: Sep 2012
Posts: 645
So I thought I would add some information about why these changes to Windows and Linux will cause a large performance hit.

TLDR: The fix involves clearing a hardware cache on the CPU whenever the OS kernel is invoked, and CPU caches are much faster than accessing your RAM, so each time the OS kernel is invoked it is going to take significantly more time than prior to these patches.

To explain this I first need to explain virtual memory. Basically, virtual memory is a way of letting every running application in a system pretend it has the entire addressable memory space to itself. So say Program A has data stored in physical memory addresses 1113, 1114, and 1115, while Program B has data stored in physical memory addresses 4322, 4323, and 4324. With virtual memory each program might "see" those addresses as addresses 10, 11, and 12. Thus there is no need for them to worry about where stuff is actually located in physical memory; they only need to know where things are located in their virtual address space. On the CPU there is a module called the Translation Lookaside Buffer. Its job is to act as a cache of mappings between virtual addresses and real physical addresses. The operating system maintains its own map of virtual addresses to physical addresses, but the TLB is present so that an expensive memory lookup doesn't need to take place every time the CPU needs to check what the actual physical address represented by a virtual address is.

Next, to oversimplify, you need to understand that the CPU can be in one of two modes: user mode or kernel mode. User mode is what your applications run in, while things like the OS kernel and your device drivers run in kernel mode. While in user mode certain CPU functions and memory addresses cannot be accessed. In order to access the functionality of the kernel, the application makes system calls: special functions exposed by the kernel that switch the CPU into kernel mode, perform kernel operations like sending data across the network, accessing the disk, etc., then switch back to user mode and return to the user process.

Now, what happens in Windows and Linux is that the kernel memory space is mapped into every user process's virtual memory. Because of the kernel mode/user mode access restrictions, the user mode process can't read the portions of virtual memory occupied by the kernel, but they are there. The main benefit of this is that whenever a user->kernel or kernel->user switch occurs, the virtual memory pages don't need to be swapped out, and even more importantly the kernel page mappings are usually present in the CPU's Translation Lookaside Buffer. CPUs are fast and main memory access is comparatively quite slow, so you want CPU caches like the TLB to be used as much as possible.

Now to the Intel CPU issue. I don't know all the details, but it seems to involve one piece of CPU functionality: the speculative execution feature. Your CPU doesn't execute instruction A, then when it is done execute instruction B, etc. Processing of each instruction takes time and thus your CPU pipelines the instructions. So if each instruction has say 5 phases before it is done executing, instruction A finishes phase 1 and starts phase 2 while instruction B starts phase 1; then instruction A finishes phase 2 and starts phase 3 while instruction B finishes phase 1 and starts phase 2 and instruction C enters phase 1, and so on. This is a pipelined architecture where the processing of instructions works a lot like an industrial assembly line. Now imagine instruction B was a conditional branch instruction. The next instruction that should be processed after B depends on the final result of B, so how do you pipeline it? Well, the CPU tries to predict which way the branch will go, and just starts speculatively executing the instructions down that execution path. If it turns out the branch went the other way it has to discard all that work and start over, but if it guessed right, it already has a bunch of instructions well on the way to completion.

So what is the issue? It seems to be that the Intel CPUs don't enforce the ring 0 kernel mode security features when accessing the Translation Lookaside Buffer during a speculative execution. So if your user mode code tries to access kernel virtual address 10 while being executed speculatively, rather than the CPU throwing up a fault, the TLB will give you the physical memory address associated with it. This lets exploit writers effectively map where stuff is located in the kernel. I'm not sure if this bug allows them to actually access the kernel memory, or if it is just that the TLB will resolve the physical address.

What is the solution, and why does it suck? Like I said before, caches like the TLB are important because memory access is slow compared to the CPU. The solution to the problem is to force a full context switch whenever a kernel system call is made. You remove the kernel from the virtual address space of the user process, and every time a system call happens you have to flush the TLB, and load a new page table for the kernel. These are comparatively slow memory access processes that significantly impact the time taken by each system call. Any process that makes many system calls will be very adversely affected by this. Even overall system performance will be hampered by this however, since hardware interrupts (such as say receiving a network packet) will also force the context switch to the kernel. Hell, pressing a key on your keyboard causes a hardware interrupt, although I don't think any human could ever type fast enough to actually see a measurable difference in performance due to keyboard interrupts.
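Fizil's explanation above (every system call now pays for the kernel/user page-table switch) suggests a simple measurement. The following is an added example, not code from the thread or from any linked article: a small C harness for Linux that times a raw getpid syscall round trip against a user-mode loop doing comparable work, and also reads the kernel's own mitigation report from /sys/devices/system/cpu/vulnerabilities/meltdown on kernels that expose it (older kernels do not have that entry, and the program simply says so).

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Nanoseconds between two CLOCK_MONOTONIC readings. */
static double elapsed_ns(const struct timespec *a, const struct timespec *b)
{
    return (double)(b->tv_sec - a->tv_sec) * 1e9 +
           (double)(b->tv_nsec - a->tv_nsec);
}

/* Average cost in ns of one user -> kernel -> user round trip.
 * getpid does almost no work inside the kernel, so what is measured is
 * mostly the entry/exit path, which is exactly where KPTI adds its
 * page-table switch (and, without PCID, the TLB flush) on every call. */
double syscall_round_trip_ns(long iterations)
{
    struct timespec start, end;
    unsigned long sink = 0;

    clock_gettime(CLOCK_MONOTONIC, &start);
    for (long i = 0; i < iterations; i++)
        sink += (unsigned long)syscall(SYS_getpid); /* raw syscall: no libc caching */
    clock_gettime(CLOCK_MONOTONIC, &end);

    if (sink == 0)   /* never true (pids are > 0); stops the loop being optimised out */
        return -1.0;
    return elapsed_ns(&start, &end) / (double)iterations;
}

/* The same loop shape with no kernel transition, as a user-mode baseline. */
double user_loop_ns(long iterations)
{
    struct timespec start, end;
    volatile unsigned long sink = 0;

    clock_gettime(CLOCK_MONOTONIC, &start);
    for (long i = 0; i < iterations; i++)
        sink += (unsigned long)i;
    clock_gettime(CLOCK_MONOTONIC, &end);

    return elapsed_ns(&start, &end) / (double)iterations;
}

/* Copies the kernel's own Meltdown mitigation report (for example
 * "Mitigation: PTI") into buf. Returns 1 if the sysfs entry was read,
 * 0 if this kernel does not expose it; buf is always NUL-terminated. */
int read_meltdown_status(char *buf, size_t len)
{
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/meltdown", "r");
    buf[0] = '\0';
    if (f == NULL)
        return 0;
    if (fgets(buf, (int)len, f) == NULL) {
        fclose(f);
        return 0;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 1;
}

int main(void)
{
    const long n = 200000;
    char status[128];

    if (read_meltdown_status(status, sizeof status))
        printf("kernel report            : %s\n", status);
    else
        printf("kernel report            : (no sysfs vulnerabilities entry on this kernel)\n");

    double user = user_loop_ns(n);
    double sys  = syscall_round_trip_ns(n);
    printf("user-mode loop iteration : %9.1f ns\n", user);
    printf("getpid syscall round trip: %9.1f ns\n", sys);
    if (user > 0.0)
        printf("syscall / user-mode ratio: %9.1f x\n", sys / user);
    return 0;
}
```

Run it on the same machine before and after the kernel update to see the per-syscall difference; the user-mode loop should be unchanged, which is what separates the patch's cost from other changes delivered in the same update.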
Old 3rd January 2018, 10:55 AM   #10
paulhutch
Master Poster
 
Join Date: Mar 2010
Location: Blackstone River Valley, MA
Posts: 2,176
Originally Posted by Fizil View Post
So I thought I would add some information about why these changes to Windows and Linux will cause a large performance hit.
<snip great stuff>
Wanted to thank you for this and your other posts on this topic.

I was getting a bit depressed since I just spent >$2000.00 on a new home office workstation 11 months ago. Based on only the Register article I was beginning to think my choice of an i7-6700 over an AMD CPU (which I normally would have chosen but lagged in performance vs. the i7) had turned against me. Seeing the benchmark for FFmpeg in the article you linked I'm comfortable that I will likely not feel any actual performance decrease because that benchmark most closely corresponds to my most intensive computing tasks.
Old 3rd January 2018, 11:25 AM   #11
SleepingWeasle
Thinker
 
Join Date: Nov 2007
Posts: 128
Small sample size and all, but I have 5 computers running Windows 10 on the insider preview fast ring, which have all been patched to fix this. None of them have experienced anything close to a 30% reduction. In fact, I haven't noticed any reduction at all, so I ran some benchmarks on the 2 I have access to right now. On one, no reduction at all, on the other, a 1% reduction from October.

Also, according to the article, "macOS has been patched to counter the chip design blunder since version 10.3.2, according to operating system kernel expert Alex Ionescu". While I'm sure some systems will experience some sort of degradation, I imagine most users experience no noticeable change. Windows users should find out for sure this patch Tuesday.
Old 3rd January 2018, 12:09 PM   #12
Fizil
Muse
 
Join Date: Sep 2012
Posts: 645
Originally Posted by SleepingWeasle View Post
Small sample size and all, but I have 5 computers running Windows 10 on the insider preview fast ring, which have all been patched to fix this. None of them have experienced anything close to a 30% reduction. In fact, I haven't noticed any reduction at all, so I ran some benchmarks on the 2 I have access to right now. On one, no reduction at all, on the other, a 1% reduction from October.

Also, according to the article, "macOS has been patched to counter the chip design blunder since version 10.3.2, according to operating system kernel expert Alex Ionescu". While I'm sure some systems will experience some sort of degradation, I imagine most users experience no noticeable change. Windows users should find out for sure this patch Tuesday.
Could I ask which benchmarks you ran? I myself have been collecting a series of pre-patch benchmarks to check against a few of my systems post-patch. My main concern is really the numbers I've been seeing from Linux database benchmarks.
Old 3rd January 2018, 12:14 PM   #13
Fizil
Muse
 
Join Date: Sep 2012
Posts: 645
Btw, if anyone doesn't want to read through my big ole post, a much better coverage of most of what I describe has actually been put up on Ars Technica. It is a pretty good read:

https://arstechnica.com/gadgets/2018...erous-patches/
Old 3rd January 2018, 12:29 PM   #14
SleepingWeasle
Thinker
 
Join Date: Nov 2007
Posts: 128
No problem! I use Geekbench and SANDRA. Well, to be completely honest, I also use Holomark 2, but that's not really related to this topic. Anyway, I hope I'm not sounding like I'm trying to pretend I KNOW what the result of this will be. Just that in my experience, nothing happened. When Fast Ringers were patched a month or so ago, there was no outcry of a performance drop, and when MacOS 10.3.2 was released, there was no massive outcry. This could of course be an incorrect conclusion to draw, but it seems logical to me...

Oh, I don't really use any Linux databases, so I know less than squat about how those will be affected!
Old 3rd January 2018, 12:40 PM   #15
Fizil
Muse
 
Join Date: Sep 2012
Posts: 645
Originally Posted by SleepingWeasle View Post
No problem! I use Geekbench and SANDRA. Well, to be completely honest, I also use Holomark 2, but that's not really related to this topic. Anyway, I hope I'm not sounding like I'm trying to pretend I KNOW what the result of this will be. Just that in my experience, nothing happened. When Fast Ringers were patched a month or so ago, there was no outcry of a performance drop, and when MacOS 10.3.2 was released, there was no massive outcry. This could of course be an incorrect conclusion to draw, but it seems logical to me...

Oh, I don't really use any Linux databases, so I know less than squat about how those will be affected!
Thanks, the best benchmarks for me will of course be performance metrics on my stress test app servers, running my actual applications. I agree that this will not be a big deal for most consumers, but I still worry it could be a big deal for business applications like mine which ultimately, through layer after layer of APIs, make extensive use of system calls to the kernel. Most commonly used consumer applications, including games, are not particularly system call intensive.
Old 3rd January 2018, 01:46 PM   #16
William Parcher
Show me the monkey!
 
Join Date: Jul 2005
Posts: 20,283
Originally Posted by SleepingWeasle View Post
Also, according to the article, "macOS has been patched to counter the chip design blunder since version 10.3.2, according to operating system kernel expert Alex Ionescu". While I'm sure some systems will experience some sort of degradation, I imagine most users experience no noticeable change.
It's reported that there is more Apple patching coming.

Originally Posted by AppleInsider
After a public disclosure of a security flaw with nearly every Intel processor produced for the last 15 years, concern grew that a fix may take up to 30 percent of the processing power away from a system. But Apple appears to have at least partially fixed the problem with December's macOS 10.13.2 —and more fixes appear to be coming in 10.13.3. ......

http://iphone.appleinsider.com/artic...-security-flaw
__________________
Bigfoot believers and Bigfoot skeptics are both plumb crazy. Each spends more than one minute per year thinking about Bigfoot.
Old 3rd January 2018, 02:15 PM   #17
The Norseman
Meandering fecklessly
 
Join Date: Dec 2008
Posts: 7,643
Hmmm.... I think I might actually have taken a performance hit after I updated my system after quite a long time.

I'm currently running Linux Mint Cinnamon 64-bit (kernel is 4.4.0-104-generic, whatever that means) with a fairly recent upgrade to an Intel i7-7700K (4.2 GHz x 4 cores) and 32 gigs of DDR3 RAM; I have nearly 8 terabytes of storage space, spread across five physical hard drives (one of which, my OS drive, is an SSD, the rest being merely storage) and I have two monitors running off of an NVidia GeForce GTX 1050 Ti 5 gig DDR5 RAM video card.

The new mobo and new case, as well as several replacement drives, set me back close to two grand all told. Funny to me is that I'm not particularly a heavy gamer, nor do I do much other than surf the net, watch movies, download porn interesting and engaging materials.

I just love to have to never shut my machine down for any reason and so I routinely have ten or so applications running simultaneously.

Anywhooo.... I did the upgrade to my software packages as well as the !-marked kernel upgrades, and after that I seemed to suffer some serious slowdowns.

Last edited by The Norseman; 3rd January 2018 at 02:16 PM.
Old 3rd January 2018, 02:24 PM   #18
Fizil
Muse
 
Join Date: Sep 2012
Posts: 645
Originally Posted by The Norseman View Post
Hmmm.... I think I might actually have taken a performance hit after I updated my system after quite a long time.

I'm currently running Linux Mint Cinnamon 64-bit (kernel is 4.4.0-104-generic, whatever that means) with a fairly recent upgrade to an Intel i7-7700K (4.2 GHz x 4 cores) and 32 gigs of DDR3 RAM; I have nearly 8 terabytes of storage space, spread across five physical hard drives (one of which, my OS drive, is an SSD, the rest being merely storage) and I have two monitors running off of an NVidia GeForce GTX 1050 Ti 5 gig DDR5 RAM video card.

The new mobo and new case, as well as several replacement drives, set me back close to two grand all told. Funny to me is that I'm not particularly a heavy gamer, nor do I do much other than surf the net, watch movies, download porn interesting and engaging materials.

I just love to have to never shut my machine down for any reason and so I routinely have ten or so applications running simultaneously.

Anywhooo.... I did the upgrade to my software packages as well as the !-marked kernel upgrades, and after that I seemed to suffer some serious slowdowns.
It could just be happenstance. Given the workload you describe, along with how beefy your system is, it is unlikely you would experience very noticeable effects. But you can test it; I believe there are flags you can set to turn the new patch off.

Another thing to keep in mind is that you have certainly received other changes, both kernel and non-kernel that could affect your performance. A recent OS update absolutely killed my Android phone, not because of any kernel change, but because my cell provider decided my OS update should include a ton of absolute junk being installed and running in the background.
Old 3rd January 2018, 02:39 PM   #19
The Norseman
Meandering fecklessly
 
Join Date: Dec 2008
Posts: 7,643
Originally Posted by Fizil View Post
It could just be happenstance. Given the workload you describe, along with how beefy your system is, it is unlikely you would experience very noticeable effects. But you can test it, I believe there are flags you can set to turn the new patch off.

Another thing to keep in mind is that you have certainly received other changes, both kernel and non-kernel that could affect your performance. A recent OS update absolutely killed my Android phone, not because of any kernel change, but because my cell provider decided my OS update should include a ton of absolute junk being installed and running in the background.
"Beefy"? lol I love that. Yeah, my box is pretty much overkill for anything rational. I'm, like, in the stratosphere maaaannnn....

But yes, you could be right on that. At first my mouse started running reeeeeaaaaalllllyyyyy ssssslllloooowwwwwlllllyyyyyy.... I'd be mousing my ass off and the cursor would just... take its sweet little time and mosey on over to where I was feverishly trying to move it. It could easily take 30 seconds to go from one monitor to the other.

Then I discovered that was happening because my mouse's light sensor was pretty dirty. So... yeah. Felt kinda dumb there.

But it's in my music player program Clementine that seems to be hitching a lot more than it used to, even when I have rebooted and not run my usual load of applications.

But thank you, I will look more into maybe setting some flags and then run my own bench tests just to see.
Old 3rd January 2018, 03:01 PM   #20
smartcooky
Philosopher
 
Join Date: Oct 2012
Location: Nelson, New Zealand
Posts: 8,477
Excuse my ignorance, but am I right in assuming that this flaw only applies to Intel CPUs for 64 bit systems and that 32 bit systems are completely unaffected?

If so, the only 64 bit system I have is my HP laptop which I suspect uses an AMD CPU not an Intel one.
__________________
► 9/11 was a terrorist attack by Islamic extremists; 12 Apollo astronauts really did walk on the Moon; JFK was assassinated by Lee Harvey Oswald, who acted alone.
► Never underestimate the power of the Internet to lend unwarranted credibility to the colossally misinformed. - Jay Utah
► Heisenberg's Law - The weirdness of the Universe is inversely proportional to the scale at which you observe it, or not.

Last edited by smartcooky; 3rd January 2018 at 03:02 PM.
Old 3rd January 2018, 03:14 PM   #21
RecoveringYuppy
Philosopher
 
Join Date: Nov 2006
Posts: 7,425
Yes, 64 bit only. However I wouldn't count on AMD being free of this defect just yet. As far as I can tell the flaw is in the original design and it was AMD that came up with the design.
__________________
REJ (Robert E Jones) posting anonymously under my real name for 30 years.

Make a fire for a man and you keep him warm for a day. Set him on fire and you keep him warm for the rest of his life.

Last edited by RecoveringYuppy; 3rd January 2018 at 03:16 PM.
Old 3rd January 2018, 03:32 PM   #22
RecoveringYuppy
Philosopher
 
Join Date: Nov 2006
Posts: 7,425
According to this article more than one flaw has been detected and some are expected to affect Intel, AMD, and ARM. ARM has already acknowledged this. AMD appears to be disputing it.
__________________
REJ (Robert E Jones) posting anonymously under my real name for 30 years.

Make a fire for a man and you keep him warm for a day. Set him on fire and you keep him warm for the rest of his life.
Old 3rd January 2018, 04:51 PM   #23
William Parcher
Show me the monkey!
 
Join Date: Jul 2005
Posts: 20,283
Critical flaws revealed to affect most Intel chips since 1995

Originally Posted by ZDNet
Most Intel processors and some ARM chips are confirmed to be vulnerable, putting billions of devices at risk of attacks. One of the security researchers said the bugs are "going to haunt us for years."

Just hours after proof-of-concept code was tweeted, security researchers have revealed the long-awaited details of two vulnerabilities in Intel processors dating back more than two decades.

Two critical vulnerabilities found in Intel chips can let an attacker steal data from the memory of running apps, such as data from password managers, browsers, emails, and photos and documents.

The researchers who discovered the vulnerabilities, dubbed "Meltdown" and "Spectre," said that "almost every system," since 1995, including computers and phones, is affected by the bug. The researchers verified their findings on Intel chips dating back to 2011, and released their own proof-of-concept code to allow users to test their machines.

"An attacker might be able to steal any data on the system," said Daniel Gruss, a security researcher who discovered the Meltdown bug, in an email to ZDNet.

"Meltdown is not only limited to reading kernel memory but it is capable of reading the entire physical memory of the target machine," according to the paper accompanying the research.

The vulnerability affects operating systems and devices running on Intel processors developed in the past decade, including Windows, Macs, and Linux systems...

http://www.zdnet.com/article/securit...ors-vulnerable
__________________
Bigfoot believers and Bigfoot skeptics are both plumb crazy. Each spends more than one minute per year thinking about Bigfoot.
Old 3rd January 2018, 05:26 PM   #24
smartcooky
Philosopher
 
Join Date: Oct 2012
Location: Nelson, New Zealand
Posts: 8,477
OK, so here are some pertinent questions. If these flaws have been around for 20 years....

a. How come it has taken this long to discover them?
b. Has anyone actually exploited any of them in that time?
c. Is it really a security flaw if no-one has known about it for 20 years?
d. Does announcing these flaws make them more of a security risk due to hackers now becoming aware that they exist?
__________________
► 9/11 was a terrorist attack by Islamic extremists; 12 Apollo astronauts really did walk on the Moon; JFK was assassinated by Lee Harvey Oswald,who acted alone.
► Never underestimate the power of the Internet to lend unwarranted credibility to the colossally misinformed. - Jay Utah
► Heisenberg's Law - The weirdness of the Universe is inversely proportional to the scale at which you observe it, or not.
Old 3rd January 2018, 05:28 PM   #25
ddt, Mafia Penguin (Join Date: Dec 2007; Location: Netherlands; Posts: 19,410)
Originally Posted by Fizil View Post
So I thought I would add some information about why these changes to Windows and Linux will cause a large performance hit.

TLDR: The fix involves clearing a hardware cache on the CPU whenever the OS kernel is invoked, and CPU caches are much faster than accessing your RAM, so each time the OS kernel is invoked, it is going to take significantly more time than prior to these patches.

<snip>

You remove the kernel from the virtual address space of the user process, and every time a system call happens you have to flush the TLB, and load a new page table for the kernel.
Nitpick: And on return from the syscall, flush the kernel part of the TLB and reload the user program part of the TLB.

ETA: good write-up as far as I can judge!

So the safest solution is to run MINIX 2.0 as OS, which doesn't have a VM subsystem in its kernel?

Oh, and am I glad I've bought AMD processors the last couple of times...
__________________
"I think it is very beautiful for the poor to accept their lot, to share it with the passion of Christ. I think the world is being much helped by the suffering of the poor people." - "Saint" Teresa, the lying thieving Albanian dwarf

"I think accuracy is important" - Vixen

Last edited by ddt; 3rd January 2018 at 05:30 PM.
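The per-syscall cost that the quoted explanation and ddt's nitpick describe can be measured directly. What follows is an added example, not code from either post: it times a tight loop of getppid() system calls (glibc does not cache that one, so every iteration really enters and leaves the kernel, which under kernel page-table isolation means a page-table switch on the way in and another on the way out) and reads the status line the kernel publishes for Meltdown. It assumes Linux with gcc or clang; the sysfs path and the pti=off boot option are Linux 4.15-era interfaces and are assumed to be present on the kernel you run this on (distribution kernels with the patches backported have them too; an unpatched kernel simply has no such file).

```c
/* Syscall-cost microbenchmark plus the kernel's own Meltdown status line.
 * Added example, not code from the post. Assumes Linux with gcc/clang; the
 * sysfs file is a Linux 4.15+ interface (assumed present on backports).
 * Build and run: gcc -O2 -o syscall_cost syscall_cost.c && ./syscall_cost */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Same prototype glibc uses; spelled out so the file still builds if a
 * harness includes a system header before _GNU_SOURCE is defined. */
extern long syscall(long number, ...);

static double elapsed_ns(const struct timespec *a, const struct timespec *b) {
    return (double)(b->tv_sec - a->tv_sec) * 1e9 +
           (double)(b->tv_nsec - a->tv_nsec);
}

/* Average nanoseconds per kernel round trip over `iters` calls.
 * getppid() is about the cheapest syscall there is and glibc does not
 * cache it, so every iteration really crosses into the kernel and back;
 * with kernel page-table isolation that is two page-table switches. */
double syscall_ns(long iters) {
    struct timespec t0, t1;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    for (long i = 0; i < iters; i++)
        syscall(SYS_getppid);
    clock_gettime(CLOCK_MONOTONIC, &t1);
    return elapsed_ns(&t0, &t1) / (double)iters;
}

/* Copy the kernel's verdict ("Mitigation: PTI", "Vulnerable",
 * "Not affected") into buf, or "unknown" on kernels without the file. */
const char *meltdown_status(char *buf, size_t len) {
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/meltdown", "r");
    if (f == NULL || fgets(buf, (int)len, f) == NULL) {
        if (f) fclose(f);
        snprintf(buf, len, "unknown");
        return buf;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';   /* drop the trailing newline */
    return buf;
}

int main(void) {
    char status[128];
    long iters = 500000;
    printf("kernel reports meltdown: %s\n", meltdown_status(status, sizeof status));
    printf("%ld x getppid(): %.1f ns per syscall\n", iters, syscall_ns(iters));
    return 0;
}
```

Run it on a patched kernel, then again after booting with pti=off, and compare the ns-per-call figure; the difference is what the page-table switch adds to every kernel entry, and it is why syscall-heavy workloads feel the patch more than a game that batches its work per frame. The loop is single-threaded and wall-clock based, so pin it with taskset and repeat a few times before trusting a number.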
Old 3rd January 2018, 08:41 PM   #26
smartcooky, Philosopher (Join Date: Oct 2012; Location: Nelson, New Zealand; Posts: 8,477)
I have just checked my Desktop CPU. It's an Intel Core i5-6500 (64 bit) but I am only running Windows 10 - 32 bit because there are some applications necessary to my business that will not run on Win 10 - 64 bit.

Am I still vulnerable even though I am not running in 64 bit mode?
Old 4th January 2018, 12:42 AM   #27
Fizil, Muse (Join Date: Sep 2012; Posts: 645)
To clear things up a little further, the embargo on information has come down so we know what the attacks are. Specifically there are two, one called Meltdown, and one called Spectre.

Meltdown, as far as can be told right now, only affects Intel CPUs. It is the one that requires the kernel page table isolation that affects performance.
Spectre operates on similar principles but doesn't break kernel security. It is less dangerous than Meltdown (though not benign to be sure) and affects Intel, AMD, and ARM processors equally.

The way they both work is pretty interesting actually. I'll explain Meltdown for you all. So, the processor will not actually let you access or use data speculatively accessed when the instructions are fully resolved. So here is the basic example given, here register RCX contains a protected kernel memory address, and register RBX contains the address of a large array you have allocated in user space. Also AL is an 8-bit register that is simply the lowest byte of the 64-bit RAX register:

Quote:
1: mov AL, byte [RCX]           ; RCX holds a protected kernel address: load one byte of it
2: shl RAX, 0xC                 ; RAX = that byte * 4096: one page of the array per possible value
3: mov RBX, qword [RBX + RAX]   ; RBX holds the user-space array: touch the page the byte selects
Line 1 tries to access 1 byte of data from the address in RCX. Line 2 takes the RAX register, which now contains that data in its lowest byte, and shifts it left 12 bits. So if the contents of RAX looked like this: 0x00000000000000FF, after instruction 2 it now looks like this: 0x00000000000FF000. Finally line 3 tries to read the location of the user space array offset by the current value of RAX. So if the array is located at user space memory address 0x00000000F0000000, it will try to load the data in the array located at address 0x00000000F00FF000.

Now when instruction 1 is finally fully resolved, the CPU will throw a fault because your user process isn't allowed to access the address in RCX, and all the work done by instructions 2 and 3 is reverted. You will not find the contents of memory address RBX + RAX in register RBX after this snippet of code. So how does the exploit work? Well this is the cool part, and should give those of you asking how this took so long to figure out an idea of why stuff like this could be hard to find.

Here is what happens. I mentioned before that the CPU contains caches for the data it pulls from main memory. This means that if a piece of memory has been recently accessed, when you access it again it will be much faster. So what you do to exploit this is you make sure your large user space array is "cold", meaning not present in the CPU cache. You try the exploit which contains the above code, hoping the CPU will attempt to speculatively execute it. Then you time how long it takes to load data from different points in the array! The purpose of line 2 is to spread out the addresses in the array that will be read based on the data read from kernel memory, so each entry is 4096 bytes away from any other, making sure touching one doesn't include another in its cache line. Once you time the memory accesses for the array, you see that accessing memory address 0x00000000F00FF000 only took 1 ns, while the other 255 memory locations you tried to access took 100 ns each. Now you know that the kernel contained the byte FF at the memory location that was stored in RCX.

This is amazing in my opinion. You use the nature of caching that we use to keep our CPUs as busy as they can potentially be in order to generate a timing attack to determine the contents of memory we don't have access to!

Last edited by Fizil; 4th January 2018 at 01:00 AM.
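The timing half of the attack Fizil walks through, everything after the faulting load, can be run on its own without touching kernel memory. The following is an added example, not code from the post or from the Meltdown paper: a user-space "sender" touches one page of a 256-page probe array, which is exactly what line 3 of the snippet does transiently with the secret byte sitting in RAX, and a "receiver" then flushes and re-times every page to find the one that comes back from cache. It assumes an x86-64 Linux box with gcc or clang (for rdtscp and clflush); on other architectures the timing falls back to clock_gettime and there is no cache flush, so only the decision logic means anything there. The 1 ns / 100 ns figures in the post are illustrative, so the threshold is calibrated on the machine rather than hard-coded.

```c
/* Flush+Reload cache-timing demo: the side-channel half of Meltdown.
 * Added example, not code from the post or from the Meltdown paper.
 * Assumes x86-64 Linux with gcc/clang; elsewhere only classify() and
 * probe_offset() behave as described (see the HAVE_X86 fallbacks).
 * Build and run: gcc -O1 -o flush_reload flush_reload.c && ./flush_reload */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#if defined(__x86_64__)
#include <x86intrin.h>
#define HAVE_X86 1
#else
#define HAVE_X86 0
#endif

#define PAGE_SIZE 4096u   /* the spreading factor "shl RAX, 0xC" applies */
#define NPROBES   256u    /* one page per possible byte value */

/* Offset into the probe array that line 2 of the snippet computes. */
size_t probe_offset(unsigned value) { return (size_t)value * PAGE_SIZE; }

/* Cycle counter on x86 (rdtscp waits for earlier loads to finish);
 * nanoseconds from clock_gettime elsewhere, which is much coarser. */
static inline uint64_t now_ticks(void) {
#if HAVE_X86
    unsigned aux;
    return __rdtscp(&aux);
#else
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
#endif
}

/* Evict the cache line holding p from every level of the cache. */
static inline void flush(const void *p) {
#if HAVE_X86
    _mm_clflush(p);
#else
    (void)p;   /* no portable eviction instruction: fallback does nothing */
#endif
}

/* Time one load from p. The volatile read plus the empty asm keep the
 * compiler from dropping the load or moving it past the timestamps. */
static uint64_t time_load(const uint8_t *p) {
    uint64_t t0 = now_ticks();
    uint8_t v = *(const volatile uint8_t *)p;
    __asm__ __volatile__("" : : "r"(v) : "memory");
    return now_ticks() - t0;
}

/* Decision logic: given one load time per candidate byte value, return
 * the value whose page was fastest, or -1 if even that one looks uncached. */
int classify(const uint64_t times[NPROBES], uint64_t threshold) {
    int best = -1;
    uint64_t best_t = UINT64_MAX;
    for (unsigned i = 0; i < NPROBES; i++)
        if (times[i] < best_t) { best_t = times[i]; best = (int)i; }
    return best_t < threshold ? best : -1;
}

/* Cached/uncached cut-off for this machine: midpoint between the average
 * warm load and the average load taken right after a flush. */
uint64_t calibrate(uint8_t *page) {
    uint64_t hit = 0, miss = 0;
    for (int i = 0; i < 64; i++) {
        time_load(page);            /* warm the line */
        hit += time_load(page);
        flush(page);
        miss += time_load(page);
    }
    return (hit + miss) / 128;      /* (hit/64 + miss/64) / 2 */
}

/* One round: flush all 256 pages, "leak" secret by touching its page (what
 * "mov RBX, [RBX + RAX]" does transiently), then reload every page in a
 * strided order so the hardware prefetcher does not warm the neighbours. */
int run_round(uint8_t *probe, unsigned secret, uint64_t threshold) {
    uint64_t times[NPROBES];
    for (unsigned i = 0; i < NPROBES; i++) flush(probe + probe_offset(i));
    time_load(probe + probe_offset(secret & 0xFF));   /* the sender */
    for (unsigned k = 0; k < NPROBES; k++) {
        unsigned i = (k * 167 + 13) & 0xFF;   /* odd stride: each page exactly once */
        times[i] = time_load(probe + probe_offset(i));
    }
    return classify(times, threshold);
}

int main(void) {
    uint8_t *probe = malloc(NPROBES * PAGE_SIZE);
    if (!probe) return 1;
    /* Write every page: untouched anonymous pages all alias the kernel's
     * shared zero page and would share cache lines, so every probe looks hot. */
    memset(probe, 1, NPROBES * PAGE_SIZE);
    uint64_t threshold = calibrate(probe);
    printf("cached/uncached threshold: %llu ticks\n", (unsigned long long)threshold);
    const unsigned secrets[] = { 0x41, 0xFF, 0x00, 0x7E };   /* constructed test bytes */
    for (size_t s = 0; s < sizeof secrets / sizeof secrets[0]; s++) {
        int got = run_round(probe, secrets[s], threshold);
        if (got < 0) printf("sent 0x%02X  recovered nothing\n", secrets[s]);
        else printf("sent 0x%02X  recovered 0x%02X%s\n", secrets[s], got,
                    got == (int)secrets[s] ? "" : "  (noise)");
    }
    free(probe);
    return 0;
}
```

On a reasonably quiet machine each sent byte comes back; a miss or a wrong byte is what noise looks like (an interrupt, the prefetcher, an SMT sibling evicting the line), which is why the real attack retries each byte and why a single probe is never trusted. Swapping the sender line for the faulting kernel load is the only difference between this covert channel and Meltdown proper, and that load is the part a vulnerable CPU executes transiently.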
Old 4th January 2018, 07:32 AM   #28
bigred, Penultimate Amazing (Join Date: Jan 2005; Location: USA; Posts: 18,149)
So glad I held on to my 386. Laugh all you want at its slower speed, but I'm secure, baby.
Old 5th January 2018, 03:20 AM   #29
Sceptic-PK, Illuminator (Join Date: Jun 2010; Posts: 3,693)
Thanks for all the posts, Fizil. Very interesting (you know, the bits that I understood)

In your view, what's the kind of mischief a hacker or attack could wreak with Meltdown? Stealing online and/or application passwords?

How much do you think the fixes will impact CPU/memory performance for society's most important applications known as video games?
Old 5th January 2018, 03:39 AM   #30
Darat, Lackey, Administrator (Join Date: Aug 2001; Location: South East, UK; Posts: 82,053)
Originally Posted by Sceptic-PK View Post
Thanks for all the posts, Fizil. Very interesting (you know, the bits that I understood)

In your view, what's the kind of mischief a hacker or attack could wreak with Meltdown? Stealing online and/or application passwords?

How much do you think the fixes will impact CPU/memory performance for society's most important applications known as video games?
Theoretically pretty much anything.

The paper on meltdown shows an example that could read web passwords - see attached screengrab.
[Attached image: clipmeltpdf.jpg]
__________________
I wish I knew how to quit you
Old 5th January 2018, 07:10 AM   #31
Fizil, Muse (Join Date: Sep 2012; Posts: 645)
Originally Posted by Sceptic-PK View Post
Thanks for all the posts, Fizil. Very interesting (you know, the bits that I understood)

In your view, what's the kind of mischief a hacker or attack could wreak with Meltdown? Stealing online and/or application passwords?

How much do you think the fixes will impact CPU/memory performance for society's most important applications known as video games?
Well, first, the attack is local, so your computer already has to be compromised; just like with any other virus or malware, don't run programs you don't trust or go to shady websites. Once your computer is compromised, Meltdown can be used to read every page of main memory on your computer. This is because Meltdown can access kernel memory, which is bad enough in and of itself, but the kernel always has the entirety of physical memory mapped into itself, so the memory space of all your other running applications is available once you can read the kernel addresses.

So yes, stealing passwords is a real possibility. Even your local password to log on to your computer could potentially be compromised if the hacker reads the memory buffer that the clear-text password is stored in before it is hashed and compared against your computer's record when you log in.

Video games (on Intel PCs) will probably not be impacted much, with the caveat that I haven't seen the impact on multi-player games yet. MMOs in particular tend to be particularly chatty on the network, which could potentially cause small performance issues. Overall though, the performance issues will be due to the increased overhead in system calls, and while video games do have to make system calls to render stuff to the screen, frameworks like DirectX are designed to batch things up so that a lot of work is done in a minimum number of system calls.

The main potential hits are going to be things like Database Servers, App Servers, High-traffic websites, or any application that dynamically allocates and releases memory a lot. Most applications a home user/gamer would use aren't like those.
Old 5th January 2018, 07:42 AM   #32
William Parcher, Show me the monkey! (Join Date: Jul 2005; Posts: 20,283)
Apple has confirmed that all Mac computers, iPads and iPhones are affected by Meltdown and Spectre.
Old 5th January 2018, 10:24 AM   #33
baron, Philosopher (Join Date: Dec 2006; Posts: 6,045)
This is why I'm glad I don't have Win 10. If they **** up the patch then I have the option to rollback, or not to install. With Win 10 no such option exists, you get it forced upon you whether you like it or not.
__________________
"I am a liar as well as a dwarf!"
Old 5th January 2018, 10:26 AM   #34
Hellbound, Merchant of Doom (Join Date: Sep 2002; Location: Not in Hell, but I can see it from here on a clear day...; Posts: 12,381)
Originally Posted by baron View Post
This is why I'm glad I don't have Win 10. If they **** up the patch then I have the option to rollback, or not to install. With Win 10 no such option exists, you get it forced upon you whether you like it or not.
I'd suggest you read before making inaccurate statements.
Old 5th January 2018, 02:58 PM   #35
baron, Philosopher (Join Date: Dec 2006; Posts: 6,045)
Originally Posted by Hellbound View Post
I'd suggest you read before making inaccurate statements.
What would you like me to read?
Old 5th January 2018, 03:07 PM   #36
Hellbound, Merchant of Doom (Join Date: Sep 2002; Location: Not in Hell, but I can see it from here on a clear day...; Posts: 12,381)
Originally Posted by baron View Post
What would you like me to read?
https://support.microsoft.com/en-us/...date-kb4056892

This particular patch will NOT be applied unless you take positive action to add in the registry key from the above article. While you're generally correct that patching is automatic, it's not in this case.
Old 5th January 2018, 04:34 PM   #37
alfaniner, Penultimate Amazing (Join Date: Aug 2001; Posts: 18,196)
You know, I always thought this would be a good reason why the tech in Star Trek:TOS looks clunkier than that of Enterprise. Say the Borg (unknown to the Federation) put a virus in all computer systems, necessitating a totally new operating system basic that was only just getting going again by Kirk's time. That would have been a cool conclusion/cliffhanger to the Enterprise series (and likely better than the one we got.)
__________________
Science is self-correcting.
Woo is self-contradicting.
Old 5th January 2018, 06:30 PM   #38
paulhutch, Master Poster (Join Date: Mar 2010; Location: Blackstone River Valley, MA; Posts: 2,176)
Originally Posted by Hellbound View Post
https://support.microsoft.com/en-us/...date-kb4056892

This particular patch will NOT be applied unless you take positive action to add in the registry key from the above article. While you're generally correct that patching is automatic, it's not in this case.
Actually that's not what's going on with the patch. Some third party Antivirus software is incompatible with the fix so if you have incompatible third party AV the patch will be delayed until your AV supplier tests their product and sets that registry key.

If you are running Windows Defender you get the patch right away because that registry key is already set. Since I don't use 3rd party AV I have the key set and I see the update is queued for installation on a restart which I will be doing right after I hit submit because this is an important security update and the other bug fixes are important too.

Ref.
http://www.itprotoday.com/network-se...ulnerabilities
http://www.zdnet.com/article/windows...crosoft-patch/
Old 5th January 2018, 06:38 PM   #39
paulhutch, Master Poster (Join Date: Mar 2010; Location: Blackstone River Valley, MA; Posts: 2,176)
Finished, that was a fast reboot update. Also it shows up in the list of updates that you can uninstall.

Last edited by paulhutch; 5th January 2018 at 06:44 PM.
Old 5th January 2018, 06:42 PM   #40
William Parcher, Show me the monkey! (Join Date: Jul 2005; Posts: 20,283)
Originally Posted by paulhutch View Post
If you are running Windows Defender you get the patch right away because that registry key is already set.
I hope that's also true for Microsoft Security Essentials because that's my antivirus with Windows 7.